LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

What is the purpose of the Identify function in the NIST CSF, and what are typical outcomes?

Identify develops the organizational understanding needed to manage cybersecurity risk — to systems, people, assets, data, and capabilities.

You can't protect what you don't know exists. Identify is the foundation the other four functions build on.

Example outcomes:

  • An Asset Management program — inventory of physical and software assets
  • A Governance program — knowing which cybersecurity policies and legal/regulatory requirements apply
  • A Risk Management Strategy — established risk tolerance and priorities

Why it matters: most real-world breaches exploit assets the victim forgot it had (shadow IT, orphaned servers, unmanaged cloud accounts). A weak Identify function silently undermines every control downstream — your firewall can't protect the server nobody documented.

From Quiz: ISM / Frameworks — NIST CSF & IKT Minimalstandard | Updated: Jun 04, 2026